diff --git a/config/checkstyle/checkstyle.xml b/config/checkstyle/checkstyle.xml index 4e7c4eb..8635da6 100644 --- a/config/checkstyle/checkstyle.xml +++ b/config/checkstyle/checkstyle.xml @@ -5,7 +5,8 @@ + org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.*, + org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.*" /> diff --git a/servlet/spring-boot/java/oauth2/webclient/README.adoc b/servlet/spring-boot/java/oauth2/webclient/README.adoc new file mode 100644 index 0000000..b234f34 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/README.adoc @@ -0,0 +1,63 @@ += OAuth 2.0 WebClient (Servlet) Sample + +== GitHub Repositories + +This guide provides instructions on setting up the sample application, which leverages WebClient OAuth2 integration to display a list of public GitHub repositories that are accessible to the authenticated user. + +This includes repositories owned by the authenticated user, repositories where the authenticated user is a collaborator, and repositories that the authenticated user has access to through an organization membership. + +The following sections provide detailed steps for setting up the sample and covers the following topics: + +* <> +* <> +* <> + +[[github-register-application]] +=== Register OAuth application + +To use GitHub's OAuth 2.0 authorization system, you must https://github.com/settings/applications/new[Register a new OAuth application]. + +When registering the OAuth application, ensure the *Authorization callback URL* is set to `http://localhost:8080/login/oauth2/code/client-id`. + +The Authorization callback URL (redirect URI) is the path in the application that the end-user's user-agent is redirected back to after they have authenticated with GitHub and have granted access to the OAuth application on the _Authorize application_ page. + +[[github-application-config]] +=== Configure application.yml + +Now that you have a new OAuth application with GitHub, you need to configure the sample to use the OAuth application for the _authorization code grant flow_. +To do so: + +. Go to `application.yml` and set the following configuration: ++ +[source,yaml] +---- +spring: + security: + oauth2: + client: + registration: <1> + client-id: <2> + client-id: replace-with-client-id + client-secret: replace-with-client-secret + provider: github + scope: read:user,public_repo +---- ++ +.OAuth Client properties +==== +<1> `spring.security.oauth2.client.registration` is the base property prefix for OAuth Client properties. +<2> Following the base property prefix is the ID for the `ClientRegistration`, which is github. +==== + +. Replace the values in the `client-id` and `client-secret` property with the OAuth 2.0 credentials you created earlier. + +[[github-boot-application]] +=== Boot up the application + +Launch the Spring Boot 2.0 sample and go to `http://localhost:8080`. +You are then redirected to the default _auto-generated_ form login page. +Log in using *'user'* (username) and *'password'* (password) or click the link to authenticate with GitHub and then you'll be redirected to GitHub for authentication. + +After authenticating with your GitHub credentials, the next page presented to you is "Authorize application". +This page will ask you to *Authorize* the application you created in the previous step. +Click _Authorize application_ to allow the OAuth application to access and display your public repository information. diff --git a/servlet/spring-boot/java/oauth2/webclient/build.gradle b/servlet/spring-boot/java/oauth2/webclient/build.gradle new file mode 100644 index 0000000..10402ed --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/build.gradle @@ -0,0 +1,45 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +plugins { + id 'org.springframework.boot' version '2.2.6.RELEASE' + id 'io.spring.dependency-management' version '1.0.9.RELEASE' + id "nebula.integtest" version "7.0.9" + id 'java' +} + +repositories { + mavenCentral() + maven { url "https://repo.spring.io/snapshot" } +} + +dependencies { + implementation 'org.springframework.boot:spring-boot-starter-oauth2-client' + implementation 'org.springframework:spring-webflux' + implementation 'org.springframework.boot:spring-boot-starter-thymeleaf' + implementation 'org.springframework.boot:spring-boot-starter-web' + implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5' + implementation 'io.projectreactor.netty:reactor-netty' + + testImplementation 'org.springframework.boot:spring-boot-starter-test' + testImplementation 'org.springframework.security:spring-security-test' + testImplementation 'com.squareup.okhttp3:mockwebserver' +} + + +tasks.withType(Test).configureEach { + useJUnitPlatform() +} \ No newline at end of file diff --git a/servlet/spring-boot/java/oauth2/webclient/gradle.properties b/servlet/spring-boot/java/oauth2/webclient/gradle.properties new file mode 100644 index 0000000..7def6a0 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/gradle.properties @@ -0,0 +1 @@ +spring-security.version=5.4.0.BUILD-SNAPSHOT diff --git a/servlet/spring-boot/java/oauth2/webclient/gradle/wrapper/gradle-wrapper.jar b/servlet/spring-boot/java/oauth2/webclient/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000..62d4c05 Binary files /dev/null and b/servlet/spring-boot/java/oauth2/webclient/gradle/wrapper/gradle-wrapper.jar differ diff --git a/servlet/spring-boot/java/oauth2/webclient/gradle/wrapper/gradle-wrapper.properties b/servlet/spring-boot/java/oauth2/webclient/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000..bb8b2fc --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,5 @@ +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-6.5.1-bin.zip +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/servlet/spring-boot/java/oauth2/webclient/gradlew b/servlet/spring-boot/java/oauth2/webclient/gradlew new file mode 100755 index 0000000..fbd7c51 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/gradlew @@ -0,0 +1,185 @@ +#!/usr/bin/env sh + +# +# Copyright 2015 the original author or authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +## +## Gradle start up script for UN*X +## +############################################################################## + +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn () { + echo "$*" +} + +die () { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; + NONSTOP* ) + nonstop=true + ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin or MSYS, switch paths to Windows format before running java +if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=`expr $i + 1` + done + case $i in + 0) set -- ;; + 1) set -- "$args0" ;; + 2) set -- "$args0" "$args1" ;; + 3) set -- "$args0" "$args1" "$args2" ;; + 4) set -- "$args0" "$args1" "$args2" "$args3" ;; + 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Escape application args +save () { + for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done + echo " " +} +APP_ARGS=`save "$@"` + +# Collect all arguments for the java command, following the shell quoting and substitution rules +eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" + +exec "$JAVACMD" "$@" diff --git a/servlet/spring-boot/java/oauth2/webclient/gradlew.bat b/servlet/spring-boot/java/oauth2/webclient/gradlew.bat new file mode 100644 index 0000000..a9f778a --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/gradlew.bat @@ -0,0 +1,104 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windows variants + +if not "%OS%" == "Windows_NT" goto win9xME_args + +:win9xME_args +@rem Slurp the command line arguments. +set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/servlet/spring-boot/java/oauth2/webclient/settings.gradle b/servlet/spring-boot/java/oauth2/webclient/settings.gradle new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/settings.gradle @@ -0,0 +1 @@ + diff --git a/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/IndexController.java b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/IndexController.java new file mode 100644 index 0000000..a397808 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/IndexController.java @@ -0,0 +1,35 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package example; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.GetMapping; + +/** + * The index controller. + * + * @author Rob Winch + */ +@Controller +public class IndexController { + + @GetMapping("/") + String index() { + return "index"; + } + +} diff --git a/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/OAuth2WebClientApplication.java b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/OAuth2WebClientApplication.java new file mode 100644 index 0000000..1ebf1ef --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/OAuth2WebClientApplication.java @@ -0,0 +1,35 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package example; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration; + +/** + * An OAuth web application that demonstrates integration with WebClient. + * + * @author Joe Grandja + */ +// FIXME: Work around https://github.com/spring-projects/spring-boot/issues/14463 +@SpringBootApplication(exclude = ReactiveOAuth2ClientAutoConfiguration.class) +public class OAuth2WebClientApplication { + + public static void main(String[] args) { + SpringApplication.run(OAuth2WebClientApplication.class, args); + } + +} diff --git a/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/OAuth2WebClientController.java b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/OAuth2WebClientController.java new file mode 100644 index 0000000..7e4582d --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/OAuth2WebClientController.java @@ -0,0 +1,69 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package example; + +import org.springframework.stereotype.Controller; +import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.reactive.function.client.WebClient; + +import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId; + +/** + * Demonstrates use of WebClient. + * + * @author Joe Grandja + * @author Rob Winch + */ +@Controller +@RequestMapping(path = { "/webclient", "/public/webclient" }) +public class OAuth2WebClientController { + + private final WebClient webClient; + + public OAuth2WebClientController(WebClient webClient) { + this.webClient = webClient; + } + + @GetMapping("/explicit") + String explicit(Model model) { + // @formatter:off + String body = this.webClient + .get() + .attributes(clientRegistrationId("client-id")) + .retrieve() + .bodyToMono(String.class) + .block(); + // @formatter:on + model.addAttribute("body", body); + return "response"; + } + + @GetMapping("/implicit") + String implicit(Model model) { + // @formatter:off + String body = this.webClient + .get() + .retrieve() + .bodyToMono(String.class) + .block(); + // @formatter:on + model.addAttribute("body", body); + return "response"; + } + +} diff --git a/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/RegisteredOAuth2AuthorizedClientController.java b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/RegisteredOAuth2AuthorizedClientController.java new file mode 100644 index 0000000..0371fed --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/RegisteredOAuth2AuthorizedClientController.java @@ -0,0 +1,73 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package example; + +import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; +import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient; +import org.springframework.stereotype.Controller; +import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.reactive.function.client.WebClient; + +import static org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient; + +/** + * Demonstrates of {@link RegisteredOAuth2AuthorizedClient}. + * + * @author Joe Grandja + * @author Rob Winch + */ +@Controller +@RequestMapping(path = { "/annotation", "/public/annotation" }) +public class RegisteredOAuth2AuthorizedClientController { + + private final WebClient webClient; + + public RegisteredOAuth2AuthorizedClientController(WebClient webClient) { + this.webClient = webClient; + } + + @GetMapping("/explicit") + String explicit(Model model, + @RegisteredOAuth2AuthorizedClient("client-id") OAuth2AuthorizedClient authorizedClient) { + // @formatter:off + String body = this.webClient + .get() + .attributes(oauth2AuthorizedClient(authorizedClient)) + .retrieve() + .bodyToMono(String.class) + .block(); + // @formatter:on + model.addAttribute("body", body); + return "response"; + } + + @GetMapping("/implicit") + String implicit(Model model, @RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient) { + // @formatter:off + String body = this.webClient + .get() + .attributes(oauth2AuthorizedClient(authorizedClient)) + .retrieve() + .bodyToMono(String.class) + .block(); + // @formatter:on + model.addAttribute("body", body); + return "response"; + } + +} diff --git a/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java new file mode 100644 index 0000000..87486af --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java @@ -0,0 +1,63 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package example; + +import org.springframework.context.annotation.Bean; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; + +import static org.springframework.security.config.Customizer.withDefaults; + +/** + * Security configuration for OAuth WebClient. + * + * @author Joe Grandja + */ +@EnableWebSecurity +public class SecurityConfiguration extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + // @formatter:off + http + .authorizeRequests((requests) -> requests + .mvcMatchers("/", "/public/**").permitAll() + .anyRequest().authenticated() + ) + .formLogin(withDefaults()) + .oauth2Login(withDefaults()) + .oauth2Client(withDefaults()); + // @formatter:on + } + + @Bean + public UserDetailsService userDetailsService() { + // @formatter:off + UserDetails userDetails = User.withDefaultPasswordEncoder() + .username("user") + .password("password") + .roles("USER") + .build(); + // @formatter:on + return new InMemoryUserDetailsManager(userDetails); + } + +} diff --git a/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/WebClientConfiguration.java b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/WebClientConfiguration.java new file mode 100644 index 0000000..1ce4746 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/WebClientConfiguration.java @@ -0,0 +1,75 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package example; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder; +import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; +import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager; +import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository; +import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction; +import org.springframework.web.reactive.function.client.WebClient; + +/** + * Configuration of WebClient so it works with OAuth2. + * + * @author Rob Winch + * @since 5.1 + */ +@Configuration +public class WebClientConfiguration { + + @Value("${resource-uri}") + String resourceUri; + + @Bean + WebClient webClient(OAuth2AuthorizedClientManager authorizedClientManager) { + ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2 = new ServletOAuth2AuthorizedClientExchangeFilterFunction( + authorizedClientManager); + oauth2.setDefaultOAuth2AuthorizedClient(true); + // @formatter:off + return WebClient.builder() + .baseUrl(this.resourceUri) + .apply(oauth2.oauth2Configuration()) + .build(); + // @formatter:on + } + + @Bean + OAuth2AuthorizedClientManager authorizedClientManager(ClientRegistrationRepository clientRegistrationRepository, + OAuth2AuthorizedClientRepository authorizedClientRepository) { + // @formatter:off + OAuth2AuthorizedClientProvider authorizedClientProvider = + OAuth2AuthorizedClientProviderBuilder.builder() + .authorizationCode() + .refreshToken() + .clientCredentials() + .password() + .build(); + // @formatter:on + DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager( + clientRegistrationRepository, authorizedClientRepository); + authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider); + + return authorizedClientManager; + } + +} diff --git a/servlet/spring-boot/java/oauth2/webclient/src/main/resources/application.yml b/servlet/spring-boot/java/oauth2/webclient/src/main/resources/application.yml new file mode 100644 index 0000000..8528a06 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/main/resources/application.yml @@ -0,0 +1,21 @@ +logging: + level: + root: INFO + org.springframework.web: INFO + org.springframework.security: INFO +# org.springframework.boot.autoconfigure: DEBUG + +spring: + thymeleaf: + cache: false + security: + oauth2: + client: + registration: + client-id: + client-id: replace-with-client-id + client-secret: replace-with-client-secret + provider: github + scope: read:user,public_repo + +resource-uri: https://api.github.com/user/repos diff --git a/servlet/spring-boot/java/oauth2/webclient/src/main/resources/templates/index.html b/servlet/spring-boot/java/oauth2/webclient/src/main/resources/templates/index.html new file mode 100644 index 0000000..07a8e68 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/main/resources/templates/index.html @@ -0,0 +1,51 @@ + + + + OAuth2 WebClient Showcase + + + +Log Out +

Examples

+ +

@RegisteredOAuth2AuthorizedClient

+

+Examples on RegisteredOAuth2AuthorizedClientController +

Authenticated

+
    +
  • Explicit - Explicitly provide a Client Registration Id
    • +
  • + Implicit - Use the currently logged in user's OAuth Token. This will + only work if the user authenticates with oauth2Login and the token provided is the correct token provided at + log in is authorized.
    • +
+

Public

+
    +
  • Explicit - Explicitly provide a Client Registration Id
    • +
  • + Implicit - This will fail if the user is not authenticated. + Since it is mapped to permitAll, it is going to fail unless the user already took an action to log in and then + authenticates with oauth2Login()
    • +
+ +

ServletOAuth2AuthorizedClientExchangeFilterFunction

+

+ Examples on OAuth2WebClientController that demonstrate how to use ServletOAuth2AuthorizedClientExchangeFilterFunction +

Authenticated

+
    +
  • Explicit - Explicitly provide a Client Registration Id
    • +
  • + Implicit - Use the currently logged in user's OAuth Token. This will + only work if the user authenticates with oauth2Login and the token provided is the correct token provided at + log in is authorized.
    • +
+

Public

+
    +
  • Explicit - Explicitly provide a Client Registration Id
    • +
  • + Implicit - This will fail if the user is not authenticated. + Since it is mapped to permitAll, it is going to fail unless the user already took an action to log in and then + authenticates with oauth2Login()
    • +
+ + diff --git a/servlet/spring-boot/java/oauth2/webclient/src/main/resources/templates/response.html b/servlet/spring-boot/java/oauth2/webclient/src/main/resources/templates/response.html new file mode 100644 index 0000000..210c18c --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/main/resources/templates/response.html @@ -0,0 +1,31 @@ + + + + + + OAuth2 WebClient Showcase + + + +Back +

Response

+
+ + + diff --git a/servlet/spring-boot/java/oauth2/webclient/src/test/java/example/OAuth2WebClientApplicationTests.java b/servlet/spring-boot/java/oauth2/webclient/src/test/java/example/OAuth2WebClientApplicationTests.java new file mode 100644 index 0000000..ecadfc4 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/test/java/example/OAuth2WebClientApplicationTests.java @@ -0,0 +1,47 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package example; + +import org.junit.jupiter.api.Test; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.web.servlet.MockMvc; + +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +/** + * @author Rob Winch + */ +@SpringBootTest +@AutoConfigureMockMvc +public class OAuth2WebClientApplicationTests { + + @Autowired + private MockMvc mockMvc; + + @Test + void annotationExplicitWhenNotAuthenticatedThenLoginRequested() throws Exception { + // @formatter:off + this.mockMvc.perform(get("/annotation/explicit")) + .andExpect(status().is3xxRedirection()); + // @formatter:on + } + +} diff --git a/servlet/spring-boot/java/oauth2/webclient/src/test/java/example/OAuth2WebClientControllerTests.java b/servlet/spring-boot/java/oauth2/webclient/src/test/java/example/OAuth2WebClientControllerTests.java new file mode 100644 index 0000000..a23a480 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/test/java/example/OAuth2WebClientControllerTests.java @@ -0,0 +1,116 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package example; + +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.Test; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; +import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; +import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Import; +import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; +import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository; +import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.web.reactive.function.client.WebClient; + +import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Client; +import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +@WebMvcTest +@Import({ SecurityConfiguration.class, OAuth2WebClientController.class }) +@AutoConfigureMockMvc +public class OAuth2WebClientControllerTests { + + private static MockWebServer web = new MockWebServer(); + + @Autowired + private MockMvc mockMvc; + + @MockBean + ClientRegistrationRepository clientRegistrationRepository; + + @AfterAll + static void shutdown() throws Exception { + web.shutdown(); + } + + @Test + void explicitWhenAuthenticatedThenUsesClientIdRegistration() throws Exception { + web.enqueue(new MockResponse().setBody("body").setResponseCode(200)); + // @formatter:off + this.mockMvc.perform(get("/webclient/explicit") + .with(oauth2Login()) + .with(oauth2Client("client-id"))) + .andExpect(status().isOk()); + // @formatter:on + } + + @Test + void implicitWhenAuthenticatedThenUsesDefaultRegistration() throws Exception { + web.enqueue(new MockResponse().setBody("body").setResponseCode(200)); + // @formatter:off + this.mockMvc.perform(get("/webclient/implicit") + .with(oauth2Login())) + .andExpect(status().isOk()); + // @formatter:on + } + + @Test + void publicExplicitWhenAuthenticatedThenUsesClientIdRegistration() throws Exception { + web.enqueue(new MockResponse().setBody("body").setResponseCode(200)); + // @formatter:off + this.mockMvc.perform(get("/public/webclient/explicit") + .with(oauth2Client("client-id"))) + .andExpect(status().isOk()); + // @formatter:on + } + + @Test + void publicImplicitWhenAuthenticatedThenUsesDefaultRegistration() throws Exception { + web.enqueue(new MockResponse().setBody("body").setResponseCode(200)); + // @formatter:off + this.mockMvc.perform(get("/public/webclient/implicit") + .with(oauth2Login())) + .andExpect(status().isOk()); + // @formatter:on + } + + @Configuration + static class WebClientConfig { + + @Bean + WebClient web() { + return WebClient.create(web.url("/").toString()); + } + + @Bean + OAuth2AuthorizedClientRepository authorizedClientRepository() { + return new HttpSessionOAuth2AuthorizedClientRepository(); + } + + } + +} diff --git a/servlet/spring-boot/java/oauth2/webclient/src/test/java/example/RegisteredOAuth2AuthorizedClientControllerTests.java b/servlet/spring-boot/java/oauth2/webclient/src/test/java/example/RegisteredOAuth2AuthorizedClientControllerTests.java new file mode 100644 index 0000000..9a93a01 --- /dev/null +++ b/servlet/spring-boot/java/oauth2/webclient/src/test/java/example/RegisteredOAuth2AuthorizedClientControllerTests.java @@ -0,0 +1,116 @@ +/* + * Copyright 2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package example; + +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.Test; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; +import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; +import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Import; +import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; +import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository; +import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.web.reactive.function.client.WebClient; + +import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Client; +import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +@WebMvcTest +@Import({ SecurityConfiguration.class, RegisteredOAuth2AuthorizedClientController.class }) +@AutoConfigureMockMvc +public class RegisteredOAuth2AuthorizedClientControllerTests { + + private static MockWebServer web = new MockWebServer(); + + @Autowired + private MockMvc mockMvc; + + @MockBean + ClientRegistrationRepository clientRegistrationRepository; + + @AfterAll + static void shutdown() throws Exception { + web.shutdown(); + } + + @Test + void annotationExplicitWhenAuthenticatedThenUsesClientIdRegistration() throws Exception { + web.enqueue(new MockResponse().setBody("body").setResponseCode(200)); + // @formatter:off + this.mockMvc.perform(get("/annotation/explicit") + .with(oauth2Login()) + .with(oauth2Client("client-id"))) + .andExpect(status().isOk()); + // @formatter:on + } + + @Test + void annotationImplicitWhenAuthenticatedThenUsesDefaultRegistration() throws Exception { + web.enqueue(new MockResponse().setBody("body").setResponseCode(200)); + // @formatter:off + this.mockMvc.perform(get("/annotation/implicit") + .with(oauth2Login())) + .andExpect(status().isOk()); + // @formatter:on + } + + @Test + void publicAnnotationExplicitWhenAuthenticatedThenUsesClientIdRegistration() throws Exception { + web.enqueue(new MockResponse().setBody("body").setResponseCode(200)); + // @formatter:off + this.mockMvc.perform(get("/public/annotation/explicit") + .with(oauth2Client("client-id"))) + .andExpect(status().isOk()); + // @formatter:on + } + + @Test + void publicAnnotationImplicitWhenAuthenticatedThenUsesDefaultRegistration() throws Exception { + web.enqueue(new MockResponse().setBody("body").setResponseCode(200)); + // @formatter:off + this.mockMvc.perform(get("/public/annotation/implicit") + .with(oauth2Login())) + .andExpect(status().isOk()); + // @formatter:on + } + + @Configuration + static class WebClientConfig { + + @Bean + WebClient web() { + return WebClient.create(web.url("/").toString()); + } + + @Bean + OAuth2AuthorizedClientRepository authorizedClientRepository() { + return new HttpSessionOAuth2AuthorizedClientRepository(); + } + + } + +} diff --git a/settings.gradle b/settings.gradle index cc480d4..5406495 100644 --- a/settings.gradle +++ b/settings.gradle @@ -32,4 +32,6 @@ include ":servlet:spring-boot:java:hello-security-explicit" include ":servlet:spring-boot:java:oauth2:login" include ":servlet:spring-boot:java:oauth2:resource-server:hello-security" include ":servlet:spring-boot:java:oauth2:resource-server:jwe" +include ":servlet:spring-boot:java:oauth2:webclient" include ":servlet:spring-boot:kotlin:hello-security" +